Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No RDF metadata #211

Open
1 task done
EldarAgalarov opened this issue Jul 3, 2024 · 3 comments
Open
1 task done

No RDF metadata #211

EldarAgalarov opened this issue Jul 3, 2024 · 3 comments
Labels
type:bug Something isn't working.
Milestone
Future Release

Comments

@EldarAgalarov
Copy link

Describe the bug

SVG Sanitizer removes RDF metadata leaving empty <metadata></metadata> tags.

The plugin should have an option to disable the sanitizer, something like this:

add_filter( 'safe_svg_sanitizer_enabled', '__return_false' );

Steps to Reproduce

Upload any SVG file that contains RDF metadata and check.

Screenshots, screen recording, code snippet

No response

Environment information

No response

WordPress information

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@EldarAgalarov EldarAgalarov added the type:bug Something isn't working. label Jul 3, 2024
@jeffpaul jeffpaul moved this from Incoming to Backlog in Open Source Practice Jul 5, 2024
@jeffpaul
Copy link
Member

jeffpaul commented Jul 9, 2024

In chatting with @darylldoyle on this, if you want to disable sanitizer then why even bother with the plugin (as that's the primary safeguard to ensure SVGs are... sanitized)? As such, we do not feel a filter is something we'll add here. Otherwise looking into what it would take to support RDF data seems like an option (related docs).

@jeffpaul jeffpaul added this to the Future Release milestone Jul 9, 2024
@EldarAgalarov
Copy link
Author

EldarAgalarov commented Jul 10, 2024
edited
Loading

@jeffpaul What if implement an additional "read-only" mode for the plugin? When user uploads SVG file the plugin checks if the SVG file are safe or not without sanitizing it and if file is safe then allow to upload it else reject file uploading. In such mode the safety also is guaranteed.

@jeffpaul
Copy link
Member

Sorry, that still opens too much risk which sanitizing the SVGs and this plugin is intended to do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:bug Something isn't working.
Projects
Open Source Practice
Status: Backlog
Milestone
Future Release
Development

No branches or pull requests
2 participants
@jeffpaul @EldarAgalarov